Monday, January 5, 2015

Security policies, standards, and guidelines...Oh My!

Well, Happy 2015!

Maybe we should talk about security policies, standards, and guidelines.

While this is a broad topic, I do find the need for it urgent, especially considering our environment, which seems to be overrun with security breaches, among other things...again, poor Sony, how many times were they hacked in 2014?

Either way, any organization should have a security policy in place that gives day-to-day workplace instructions on how to behave properly regarding information systems and assets. When a security policy is in place, that policy should drive the standards for the organization, and in turn the standards should help develop the procedural guidelines the organization needs.

Ironically, in practice these ideas also run back up the model: practices and guidelines need to meet the standards, and the standards carry the weight of the policy. Kind of an up, down, and up approach. They are all critical and valuable to the organization.

Without these in place, besides the obvious visual of IT professionals running around looking like chickens with their heads cut off (no chickens harmed in the making of this blog), we see the value in these three (3) musketeers (policy, standards, and guidelines).

Things to consider:

  • Policy cannot conflict with the law. Enron, anyone?
  • Policy/standards/guidelines should contribute to how the organization uses and stores technology-based systems, information, and data.
  • Policies like these could address liability issues (if necessary).
  • The who, what, when, and where are defined in these policies and standards.

While even the company I work for (a small software company) has these in place, not every organization lays the foundation for these three (3) musketeers. And since they definitely help keep the organization in line and on top of its game, perhaps, it being the new year...a new resolution is in order for those companies out there: create your security policies, standards, and guidelines. If there is one in place, make sure updates and new revisions are made if they haven't been done in a while, to keep up with our hectic online environment.

Stay safe out there!



